Apple iCloud Desktop Client v5.2.1.0 is vulnerable to local credentials disclosure after the user is logged out. It seems that iCloud does not store the supplied credentials while the user is logged in, but after sign-out the supplied username and password are stored in plaintext in the process memory. A potential attacker could reveal the supplied username and password in order to gain access to the iCloud account.
The bug is a common SQL injection in the 'index.php' file of the Comicsense script. The variable '$epi' is not verified, allowing an attacker to inject malicious SQL queries and retrieve sensitive information from the database.
Spawns a nobody/apache shell on Apache, root on other servers.
The K-letter 1.0 script is vulnerable to remote file inclusion. An attacker can exploit the vulnerability by including a malicious script hosted on a remote server, which can lead to arbitrary code execution on the target system.
MySQL v5.5.45 is vulnerable to local credentials disclosure: the supplied username and password are stored in plaintext in the process memory. A potential attacker could reveal the supplied username and password in order to gain access to the database.
ArcServe UDP for Windows installs various services. One of them is the 'Arcserve UDP Update Service (CAARCUpdateSvc)', which runs as SYSTEM. This particular service has an insecurely quoted path. An attacker with write permissions on the root drive or on a directory in the search path could place a malicious binary there and elevate privileges.
This module sends a specially-crafted packet to the service login of snmpc causing a denial of service of snmpc.
File path manipulation vulnerabilities arise when user-controllable data is placed into a file or URL path that is used on the server to access local resources, which may be within or outside the web root. An attacker can modify the file path to access different resources, which may contain sensitive information. Even where an attack is constrained within the web root, it is often possible to retrieve items that are normally protected from direct access, such as application configuration files, the source code for server-executable scripts, or files with extensions that the web server is not configured to serve directly.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
This is a Perl script that exploits a vulnerability (CVE-2007-2791) in HP Tru64 UNIX versions 5.1B-4 and 5.1B-3. It allows an attacker to enumerate users on a remote system using the Secure Shell (SSH) protocol. The script first grabs the banner from the target system using telnet, then uses SSH to time the response when trying to authenticate with different usernames. By comparing the response times, the attacker can determine which usernames exist on the target system.